Analysis
-
max time kernel
191s -
max time network
300s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
29-11-2022 12:43
Static task
static1
Behavioral task
behavioral1
Sample
4efd7695debe9f54354818b72e37ddfc11572517069804fbe63fdc385e4a4f96.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4efd7695debe9f54354818b72e37ddfc11572517069804fbe63fdc385e4a4f96.dll
Resource
win10v2004-20221111-en
General
-
Target
4efd7695debe9f54354818b72e37ddfc11572517069804fbe63fdc385e4a4f96.dll
-
Size
456KB
-
MD5
9bdad367270d1006d9e80bde23c756e0
-
SHA1
c90eb508912ed16a5d4119cc75a690fca08acef8
-
SHA256
4efd7695debe9f54354818b72e37ddfc11572517069804fbe63fdc385e4a4f96
-
SHA512
65a35bff3263942797546d2e80d965063c9072e904f9a11475f710872296706bbfdcc679bdbce5b37fdf8824bf86e509fe46a246f8745c08684493df8aae2835
-
SSDEEP
12288:xjakuUr1e/PKlFrvf6mZ8WvO10Pqu5t6NjDpdGpggyJYQTrPH7OBNhkJK:juKvf504quWhpdGRyXTrqBNhkJ
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4544 wrote to memory of 3412 | 4544 | regsvr32.exe | 81
PID 4544 wrote to memory of 3412 | 4544 | regsvr32.exe | 81
PID 4544 wrote to memory of 3412 | 4544 | regsvr32.exe | 81
Processes
-
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4efd7695debe9f54354818b72e37ddfc11572517069804fbe63fdc385e4a4f96.dll
- Suspicious use of WriteProcessMemory
PID:4544 -
  C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4efd7695debe9f54354818b72e37ddfc11572517069804fbe63fdc385e4a4f96.dll
  PID:3412
-